On Monday, 17 October 2016 13:26:09 CEST Dave Garrett wrote:
> On Monday, October 17, 2016 01:04:18 pm Martin Rex wrote:
> > This list is already missing the warning-level "unrecognized_name" alert,
> > and such a change would imply that all new/unrecognized alerts are going
> > to be treated as fatal forever (i.e. that no new warning-level alerts
> > can ever be defined).
>
> That's already true:
>
> https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-6
> https://tlswg.github.io/tls13-spec/#alert-protocol
> "Unknown alert types MUST be treated as fatal."
>
> Changelog says this change was made for draft 14.

but unrecognized_name is defined (it's a part of MTI extension in fact), and
any value defined by a new RFC automatically becomes a known alert.
Not to mention that implementations are not supposed to send unknown alerts
unless negotiated by extension.
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic